Virus emails coming from Anandtech.com addresses!

NikPreviousAcct

No Lifer
Aug 15, 2000
52,763
1
0
I just got an email from Brandon Hill's (NFS4) anandtech.com address. Check this out:

Warning: This message has had one or more attachments removed
Warning: (nexw.zip).
Warning: Please read the "VirusWarning.txt" attachment(s) for more information.

We have received this document from your e-mail.


I get a .txt attachment with virus emails that have been cleaned telling me details. Here's what it says:


This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "nexw.zip"
was believed to be infected by a virus and has been replaced by this warning
message.

If you wish to receive a copy of the *infected* attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.

At Mon Oct 11 05:25:34 2004 the virus scanner said:
nexw.zip contains Worm.Mydoom.F

Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quarantine/20041011 (message 1CGlC5-0000Rb-6T).
--
Postmaster
Mailscanner thanks transtec Computers for their support

MyDoom!
 

SickBeast

Lifer
Jul 21, 2000
14,377
19
81
Originally posted by: Schadenfroh
think his computer got pwned and turned into a spam zombie?

Maybe they'll hire you onto Team Anandtech to fix it, at which point you can declare yourself a Grand Master Elite. :beer:
 

AFB

Lifer
Jan 10, 2004
10,718
3
0
Originally posted by: SickBeast
Originally posted by: Schadenfroh
think his computer got pwned and turned into a spam zombie?

Maybe they'll hire you onto Team Anandtech to fix it, at which point you can declare yourself a Grand Master Elite. :beer:

lol
 

RagingBITCH

Lifer
Sep 27, 2003
17,618
2
76
Either his account got pwned, or someone spoofed and used his email address. Copying and pasting the headers would help.
 

NFS4

No Lifer
Oct 9, 1999
72,636
47
91
Our Anandtech emails are spoofed and spammed all to hell. Nothing out of the ordinary. I get about 500 crappy spam emails a day to that AT account.
 

NikPreviousAcct

No Lifer
Aug 15, 2000
52,763
1
0
So, essentially, that's someone sending me an email made up to look like it came from your address? Or it's just a virus-packed spam box that you don't have any sort of outgoing virus scanner enabled?
 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
Nik, look up email spoofing. It's a worm on a machine that knows Brandon's address (but not Brandon's machine), using it out of pure random chance.
 

NikPreviousAcct

No Lifer
Aug 15, 2000
52,763
1
0
I know what spoofing is. Three years ago, I filled someone's inbox with messages from god@heaven.com telling them to screw off and stop hitting on my girlfriend. I queued 60,000 messages, but only 8k or so went through before I lost the connection with the unsecure relay.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: Nik
I know what spoofing is. Three years ago, I filled someone's inbox with messages from god@heaven.com telling them to screw off and stop hitting on my girlfriend. I queued 60,000 messages, but only 8k or so went through before I lost the connection with the unsecure relay.

Newbie.

The headers should tell you which mail server it went through. Compare it to a legitimate Anandtech email. If they're similar enough, we'll laugh at nsf4 for years to come.
 

NikPreviousAcct

No Lifer
Aug 15, 2000
52,763
1
0
Return-path: <brandon.hill@anandtech.com>
Envelope-to: (removed)
Delivery-date: Mon, 11 Oct 2004 05:25:41 +0800
Received: from (removed) by flake.adminz.net with local-bsmtp (Exim 4.42)
    id 1CGlCA-0000SP-Go
    for (my email removed); Mon, 11 Oct 2004 05:25:37 +0800
Received: from [24.178.69.92] (helo=anandtech.com)
    by flake.adminz.net with esmtp (Exim 4.42)
    id 1CGlC5-0000Rb-6T
    for (my email removed); Mon, 11 Oct 2004 05:25:31 +0800
From: brandon.hill@anandtech.com
To: (removed)
Subject: {Virus?} test
Date: Sun, 10 Oct 2004 17:25:27 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0008_CBB7B65C.18EFCBA4"
X-Priority: 3
X-MSMail-Priority: Normal
X-MailScanner: Found to be infected, Found to be clean
X-Spam-Status: No, score=1.1 required=5.0 tests=BAYES_50,MISSING_MIMEOLE,
    NO_REAL_NAME,PRIORITY_NO_NAME autolearn=no version=3.0.0
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on flake.adminz.net
Message-Id: <E1CGlCA-0000SP-Go@flake.adminz.net>
X-MailScanner-Information: Please contact the ISP for more information
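
The header comparison suggested earlier in the thread, as an added example that is not part of any poster's message: it reads the Received chain from the headers above, keeps only the hops written by the recipient's own server (flake.adminz.net), and compares the peer that server recorded against the From domain. The set of known sender IPs is an assumption; 192.0.2.25 is a constructed placeholder for an address taken from a known-good message.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as posted in the thread, trimmed to the fields used below.
RAW = """\
Return-path: <brandon.hill@anandtech.com>
Received: from (removed) by flake.adminz.net with local-bsmtp (Exim 4.42)
\tid 1CGlCA-0000SP-Go
\tfor (my email removed); Mon, 11 Oct 2004 05:25:37 +0800
Received: from [24.178.69.92] (helo=anandtech.com)
\tby flake.adminz.net with esmtp (Exim 4.42)
\tid 1CGlC5-0000Rb-6T
\tfor (my email removed); Mon, 11 Oct 2004 05:25:31 +0800
From: brandon.hill@anandtech.com
Subject: {Virus?} test

"""

BY = re.compile(r"\bby\s+(\S+)")
PEER = re.compile(r"from\s+\[([^\]]+)\]\s+\(helo=([^)\s]+)\)")  # Exim layout

def assess(raw, trusted_receivers, known_sender_ips):
    """Find the peer our own server recorded and compare it with the From domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    peer = None
    for value in msg.get_all("Received", []):   # newest hop first
        line = " ".join(value.split())          # unfold the header
        by = BY.search(line)
        if not by or by.group(1).lower() not in trusted_receivers:
            break   # written by a host we don't run: the sender could have forged it
        m = PEER.search(line)
        if m:
            peer = {"ip": m.group(1), "helo": m.group(2).lower()}
    if peer is None:
        return None
    return {
        "from_domain": from_domain,
        "peer_ip": peer["ip"],
        "helo": peer["helo"],
        # HELO is whatever the connecting machine announced; it proves nothing.
        "helo_matches_from": peer["helo"] == from_domain,
        # Only the IP was observed by the receiving server itself.
        "peer_ip_known": peer["ip"] in known_sender_ips,
    }

if __name__ == "__main__":
    # 192.0.2.25 is a constructed placeholder for an IP from a known-good message.
    print(assess(RAW, {"flake.adminz.net"}, {"192.0.2.25"}))
```

A HELO that matches the From domain combined with a peer IP that is not among the domain's known senders is the pattern a spoofed sender address produces.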
 

Blain

Lifer
Oct 9, 1999
23,643
3
81
I hardly ever got any spam in my main email account. But as soon as I updated my profile with my main account address... the spam has started rolling in. :(
Is it this way with everyone? If so, what good does having "REMOVE" added to the address do?
The only thing that's changed for me lately is having my address posted in my profile. :eek:
 
Jun 14, 2003
10,442
0
0
Originally posted by: SickBeast
Originally posted by: Schadenfroh
think his computer got pwned and turned into a spam zombie?

Maybe they'll hire you onto Team Anandtech to fix it, at which point you can declare yourself a Grand Master Elite. :beer:

grand master flash!!! yeah baby